Wireshark-users: [Wireshark-users] Save the bytes of a particular field from all the displayed pa

From: Still Life <still.life@xxxxxxxx>
Date: Wed, 07 Feb 2007 17:52:38 +0100

Hi to all,
my question is general but I'll use my particular
case to explain it.
I would like to save a particular portion of an "H223
over TCP" capture file.
Imagine you develop a display filter like this:
ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1)
In this way I filtered the packets from one terminal to another
(ip.src == 192.168.0.11) and with h223.mux.vc ==1
Now, in Wireshark's top pane, I can select a single
packet (all the displayed packets now are those with h223.mux.vc ==1).
For this packet, in Wireshark's middle pane, I can highlight
the field "H.223 virtual circuit: 1" by clicking on it.
In this way, in Wireshark's bottom pane, the bytes of interest
are automatically highlighted.
I can right click on the highlighted bytes field in the bottom
pane and do "Export Selected Packet Bytes...".

I need to do that over all the packets and append all the
bytes extracted from all the "H.223 virtual circuit: 1"
fields in a single file. Is this possible to do in some way?

(The goal is to demultiplex and save the audio and video
stream multiplexed in the h223 stream.)

Is it possible to do such an operation, or do I have to modify
the h223 dissector source code with an "fwrite" at the point where
"H.223 virtual circuit: x" is added to the Wireshark middle pane?

I already read the following discussion, but it seems that there isn't
a general solution:
http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928

Thanks in advance,
                   Fabio
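
One way to automate the per-packet "Export Selected Packet Bytes..." steps described in the message above, added here as an example and not part of the original post: run `tshark` with the same display filter, print one byte-string field per packet, and append the decoded bytes to a single file. The field name is passed in by the caller as a placeholder (it must be a byte-string field, since an integer field such as a circuit number prints as a decimal value), and the file names and sample output lines are constructed.

```python
import subprocess

# Display filter from the post. The field to export is supplied by the caller:
# it is a placeholder here, not a verified h223 field name.
DISPLAY_FILTER = "ip.src == 192.168.0.11 && h223.mux.vc == 1"


def tshark_command(capture, field, display_filter=DISPLAY_FILTER):
    """Build the tshark call: one output line per displayed packet."""
    return ["tshark", "-r", capture, "-Y", display_filter,
            "-T", "fields", "-e", field,
            "-E", "occurrence=a",   # print every occurrence of the field
            "-E", "aggregator=,"]   # separate occurrences with a comma


def field_lines_to_bytes(lines):
    """Decode tshark byte-field output ("01:02:03" or "010203") to raw bytes.

    Packets without the field give empty lines and are skipped. Text that is
    not hex raises ValueError, so a wrong field type fails loudly instead of
    silently writing garbage.
    """
    out = bytearray()
    for line in lines:
        for value in line.strip().split(","):
            hexdigits = value.replace(":", "").strip()
            if hexdigits:
                out += bytes.fromhex(hexdigits)
    return bytes(out)


def export_field(capture, field, out_path):
    """Run tshark and write all extracted bytes, in packet order, to out_path."""
    proc = subprocess.run(tshark_command(capture, field),
                          capture_output=True, text=True, check=True)
    data = field_lines_to_bytes(proc.stdout.splitlines())
    with open(out_path, "wb") as fh:
        fh.write(data)
    return len(data)


# Constructed sample of tshark output lines (not from a real capture).
SAMPLE_OUTPUT = ["01:02:03", "", "0a0b,0c:0d", "ff"]

if __name__ == "__main__":
    print(field_lines_to_bytes(SAMPLE_OUTPUT).hex())
```
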

